1d8a7b7a3SRobert Watson /*- 2f6a41092SRobert Watson * Copyright (c) 1999-2002 Robert N. M. Watson 3ba53d9c9SRobert Watson * Copyright (c) 2001-2005 McAfee, Inc. 46758f88eSRobert Watson * Copyright (c) 2005 SPARTA, Inc. 5d8a7b7a3SRobert Watson * All rights reserved. 6d8a7b7a3SRobert Watson * 7d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 8d8a7b7a3SRobert Watson * 9ba53d9c9SRobert Watson * This software was developed for the FreeBSD Project in part by McAfee 10ba53d9c9SRobert Watson * Research, the Security Research Division of McAfee, Inc. under 11ba53d9c9SRobert Watson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12ba53d9c9SRobert Watson * CHATS research program. 13d8a7b7a3SRobert Watson * 146758f88eSRobert Watson * This software was enhanced by SPARTA ISSO under SPAWAR contract 156758f88eSRobert Watson * N66001-04-C-6019 ("SEFOS"). 166758f88eSRobert Watson * 17d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 18d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 19d8a7b7a3SRobert Watson * are met: 20d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 21d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 22d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 23d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 24d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 25d8a7b7a3SRobert Watson * 26d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36d8a7b7a3SRobert Watson * SUCH DAMAGE. 37d8a7b7a3SRobert Watson * 38d8a7b7a3SRobert Watson * $FreeBSD$ 39d8a7b7a3SRobert Watson */ 40d8a7b7a3SRobert Watson 41d8a7b7a3SRobert Watson /* 42d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 431c3f91cdSRobert Watson * 441c3f91cdSRobert Watson * Stub module that implements a NOOP for most (if not all) MAC Framework 451c3f91cdSRobert Watson * policy entry points. 46d8a7b7a3SRobert Watson */ 47d8a7b7a3SRobert Watson 48d8a7b7a3SRobert Watson #include <sys/types.h> 49d8a7b7a3SRobert Watson #include <sys/param.h> 50d8a7b7a3SRobert Watson #include <sys/acl.h> 51d8a7b7a3SRobert Watson #include <sys/conf.h> 52763bbd2fSRobert Watson #include <sys/extattr.h> 53d8a7b7a3SRobert Watson #include <sys/kernel.h> 54d8a7b7a3SRobert Watson #include <sys/mac.h> 55d8a7b7a3SRobert Watson #include <sys/mount.h> 56d8a7b7a3SRobert Watson #include <sys/proc.h> 57d8a7b7a3SRobert Watson #include <sys/systm.h> 58d8a7b7a3SRobert Watson #include <sys/sysproto.h> 59d8a7b7a3SRobert Watson #include <sys/sysent.h> 60d8a7b7a3SRobert Watson #include <sys/vnode.h> 61d8a7b7a3SRobert Watson #include <sys/file.h> 62d8a7b7a3SRobert Watson #include <sys/socket.h> 63d8a7b7a3SRobert Watson #include <sys/socketvar.h> 64d8a7b7a3SRobert Watson #include <sys/pipe.h> 6536422989SPoul-Henning Kamp #include <sys/sx.h> 66d8a7b7a3SRobert Watson #include <sys/sysctl.h> 67ba53d9c9SRobert Watson #include <sys/msg.h> 68ba53d9c9SRobert Watson #include <sys/sem.h> 69ba53d9c9SRobert Watson #include <sys/shm.h> 70d8a7b7a3SRobert Watson 7152648411SRobert Watson #include <posix4/ksem.h> 7252648411SRobert Watson 73d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 74d8a7b7a3SRobert Watson 75d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 76d8a7b7a3SRobert Watson #include <net/if.h> 77d8a7b7a3SRobert Watson #include <net/if_types.h> 78d8a7b7a3SRobert Watson #include <net/if_var.h> 79d8a7b7a3SRobert Watson 80d8a7b7a3SRobert Watson #include <netinet/in.h> 81a557af22SRobert Watson #include <netinet/in_pcb.h> 82d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 83d8a7b7a3SRobert Watson 84d8a7b7a3SRobert Watson #include <vm/vm.h> 85d8a7b7a3SRobert Watson 86d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 87d8a7b7a3SRobert Watson 88d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 89d8a7b7a3SRobert Watson 901c3f91cdSRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0, 911c3f91cdSRobert Watson "TrustedBSD mac_stub policy controls"); 92d8a7b7a3SRobert Watson 931c3f91cdSRobert Watson static int stub_enabled = 1; 941c3f91cdSRobert Watson SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW, 951c3f91cdSRobert Watson &stub_enabled, 0, "Enforce mac_stub policy"); 96d8a7b7a3SRobert Watson 97d8a7b7a3SRobert Watson /* 98d8a7b7a3SRobert Watson * Policy module operations. 99d8a7b7a3SRobert Watson */ 100d8a7b7a3SRobert Watson static void 1011c3f91cdSRobert Watson stub_destroy(struct mac_policy_conf *conf) 102d8a7b7a3SRobert Watson { 103d8a7b7a3SRobert Watson 104d8a7b7a3SRobert Watson } 105d8a7b7a3SRobert Watson 106d8a7b7a3SRobert Watson static void 1071c3f91cdSRobert Watson stub_init(struct mac_policy_conf *conf) 108d8a7b7a3SRobert Watson { 109d8a7b7a3SRobert Watson 110d8a7b7a3SRobert Watson } 111d8a7b7a3SRobert Watson 1128a97ecf6SRobert Watson static int 1131c3f91cdSRobert Watson stub_syscall(struct thread *td, int call, void *arg) 1148a97ecf6SRobert Watson { 1158a97ecf6SRobert Watson 1168a97ecf6SRobert Watson return (0); 1178a97ecf6SRobert Watson } 1188a97ecf6SRobert Watson 119d8a7b7a3SRobert Watson /* 120d8a7b7a3SRobert Watson * Label operations. 121d8a7b7a3SRobert Watson */ 122d8a7b7a3SRobert Watson static void 1231c3f91cdSRobert Watson stub_init_label(struct label *label) 124d8a7b7a3SRobert Watson { 125d8a7b7a3SRobert Watson 126d8a7b7a3SRobert Watson } 127d8a7b7a3SRobert Watson 128d8a7b7a3SRobert Watson static int 1291c3f91cdSRobert Watson stub_init_label_waitcheck(struct label *label, int flag) 130d8a7b7a3SRobert Watson { 131d8a7b7a3SRobert Watson 132d8a7b7a3SRobert Watson return (0); 133d8a7b7a3SRobert Watson } 134d8a7b7a3SRobert Watson 135d8a7b7a3SRobert Watson static void 1361c3f91cdSRobert Watson stub_destroy_label(struct label *label) 137d8a7b7a3SRobert Watson { 138d8a7b7a3SRobert Watson 139d8a7b7a3SRobert Watson } 140d8a7b7a3SRobert Watson 1410196273bSRobert Watson static void 1420196273bSRobert Watson stub_copy_label(struct label *src, struct label *dest) 1430196273bSRobert Watson { 1440196273bSRobert Watson 1450196273bSRobert Watson } 1460196273bSRobert Watson 147d8a7b7a3SRobert Watson static int 1481c3f91cdSRobert Watson stub_externalize_label(struct label *label, char *element_name, 149f51e5803SRobert Watson struct sbuf *sb, int *claimed) 150d8a7b7a3SRobert Watson { 151d8a7b7a3SRobert Watson 152d8a7b7a3SRobert Watson return (0); 153d8a7b7a3SRobert Watson } 154d8a7b7a3SRobert Watson 155d8a7b7a3SRobert Watson static int 1561c3f91cdSRobert Watson stub_internalize_label(struct label *label, char *element_name, 15724e8d0d0SRobert Watson char *element_data, int *claimed) 158d8a7b7a3SRobert Watson { 159d8a7b7a3SRobert Watson 160d8a7b7a3SRobert Watson return (0); 161d8a7b7a3SRobert Watson } 162d8a7b7a3SRobert Watson 163d8a7b7a3SRobert Watson /* 164d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 165d8a7b7a3SRobert Watson * a lot like file system objects. 166d8a7b7a3SRobert Watson */ 167d8a7b7a3SRobert Watson static void 1681c3f91cdSRobert Watson stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 169763bbd2fSRobert Watson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 170763bbd2fSRobert Watson struct label *vlabel) 171763bbd2fSRobert Watson { 172763bbd2fSRobert Watson 173763bbd2fSRobert Watson } 174763bbd2fSRobert Watson 175763bbd2fSRobert Watson static int 1761c3f91cdSRobert Watson stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 177763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel) 178763bbd2fSRobert Watson { 179763bbd2fSRobert Watson 180763bbd2fSRobert Watson return (0); 181763bbd2fSRobert Watson } 182763bbd2fSRobert Watson 183763bbd2fSRobert Watson static void 1841c3f91cdSRobert Watson stub_associate_vnode_singlelabel(struct mount *mp, 185763bbd2fSRobert Watson struct label *fslabel, struct vnode *vp, struct label *vlabel) 186763bbd2fSRobert Watson { 187763bbd2fSRobert Watson 188763bbd2fSRobert Watson } 189763bbd2fSRobert Watson 190763bbd2fSRobert Watson static void 191d26dd2d9SRobert Watson stub_create_devfs_device(struct ucred *cred, struct mount *mp, 192d26dd2d9SRobert Watson struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) 193eea8ea31SRobert Watson { 194eea8ea31SRobert Watson 195eea8ea31SRobert Watson } 196eea8ea31SRobert Watson 197eea8ea31SRobert Watson static void 1981c3f91cdSRobert Watson stub_create_devfs_directory(struct mount *mp, char *dirname, 199990b4b2dSRobert Watson int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 200990b4b2dSRobert Watson { 201990b4b2dSRobert Watson 202990b4b2dSRobert Watson } 203990b4b2dSRobert Watson 204990b4b2dSRobert Watson static void 2051c3f91cdSRobert Watson stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, 206990b4b2dSRobert Watson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 207990b4b2dSRobert Watson struct label *delabel) 208d8a7b7a3SRobert Watson { 209d8a7b7a3SRobert Watson 210d8a7b7a3SRobert Watson } 211d8a7b7a3SRobert Watson 212763bbd2fSRobert Watson static int 2131c3f91cdSRobert Watson stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, 214763bbd2fSRobert Watson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 215763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 216d8a7b7a3SRobert Watson { 217d8a7b7a3SRobert Watson 218763bbd2fSRobert Watson return (0); 219d8a7b7a3SRobert Watson } 220d8a7b7a3SRobert Watson 221d8a7b7a3SRobert Watson static void 2221c3f91cdSRobert Watson stub_create_mount(struct ucred *cred, struct mount *mp, 223d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 224d8a7b7a3SRobert Watson { 225d8a7b7a3SRobert Watson 226d8a7b7a3SRobert Watson } 227d8a7b7a3SRobert Watson 228d8a7b7a3SRobert Watson static void 2291c3f91cdSRobert Watson stub_relabel_vnode(struct ucred *cred, struct vnode *vp, 230d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 231d8a7b7a3SRobert Watson { 232d8a7b7a3SRobert Watson 233d8a7b7a3SRobert Watson } 234d8a7b7a3SRobert Watson 235d8a7b7a3SRobert Watson static int 2361c3f91cdSRobert Watson stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 237763bbd2fSRobert Watson struct label *vlabel, struct label *intlabel) 238d8a7b7a3SRobert Watson { 239d8a7b7a3SRobert Watson 240d8a7b7a3SRobert Watson return (0); 241d8a7b7a3SRobert Watson } 242d8a7b7a3SRobert Watson 243d8a7b7a3SRobert Watson static void 2441c3f91cdSRobert Watson stub_update_devfsdirent(struct mount *mp, 245990b4b2dSRobert Watson struct devfs_dirent *devfs_dirent, struct label *direntlabel, 246990b4b2dSRobert Watson struct vnode *vp, struct label *vnodelabel) 247d8a7b7a3SRobert Watson { 248d8a7b7a3SRobert Watson 249d8a7b7a3SRobert Watson } 250d8a7b7a3SRobert Watson 251d8a7b7a3SRobert Watson /* 252d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 253d8a7b7a3SRobert Watson */ 254d8a7b7a3SRobert Watson static void 2551c3f91cdSRobert Watson stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 256d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 257d8a7b7a3SRobert Watson { 258d8a7b7a3SRobert Watson 259d8a7b7a3SRobert Watson } 260d8a7b7a3SRobert Watson 261d8a7b7a3SRobert Watson static void 2621c3f91cdSRobert Watson stub_create_socket(struct ucred *cred, struct socket *socket, 263d8a7b7a3SRobert Watson struct label *socketlabel) 264d8a7b7a3SRobert Watson { 265d8a7b7a3SRobert Watson 266d8a7b7a3SRobert Watson } 267d8a7b7a3SRobert Watson 268d8a7b7a3SRobert Watson static void 26991c2dc94SRobert Watson stub_create_pipe(struct ucred *cred, struct pipepair *pp, 270d8a7b7a3SRobert Watson struct label *pipelabel) 271d8a7b7a3SRobert Watson { 272d8a7b7a3SRobert Watson 273d8a7b7a3SRobert Watson } 274d8a7b7a3SRobert Watson 275d8a7b7a3SRobert Watson static void 27652648411SRobert Watson stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, 27752648411SRobert Watson struct label *ks_label) 27852648411SRobert Watson { 27952648411SRobert Watson 28052648411SRobert Watson } 28152648411SRobert Watson 28252648411SRobert Watson static void 2831c3f91cdSRobert Watson stub_create_socket_from_socket(struct socket *oldsocket, 284d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 285d8a7b7a3SRobert Watson struct label *newsocketlabel) 286d8a7b7a3SRobert Watson { 287d8a7b7a3SRobert Watson 288d8a7b7a3SRobert Watson } 289d8a7b7a3SRobert Watson 290d8a7b7a3SRobert Watson static void 2911c3f91cdSRobert Watson stub_relabel_socket(struct ucred *cred, struct socket *socket, 292d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 293d8a7b7a3SRobert Watson { 294d8a7b7a3SRobert Watson 295d8a7b7a3SRobert Watson } 296d8a7b7a3SRobert Watson 297d8a7b7a3SRobert Watson static void 29891c2dc94SRobert Watson stub_relabel_pipe(struct ucred *cred, struct pipepair *pp, 299d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 300d8a7b7a3SRobert Watson { 301d8a7b7a3SRobert Watson 302d8a7b7a3SRobert Watson } 303d8a7b7a3SRobert Watson 304d8a7b7a3SRobert Watson static void 3051c3f91cdSRobert Watson stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 306d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 307d8a7b7a3SRobert Watson { 308d8a7b7a3SRobert Watson 309d8a7b7a3SRobert Watson } 310d8a7b7a3SRobert Watson 311d8a7b7a3SRobert Watson static void 3121c3f91cdSRobert Watson stub_set_socket_peer_from_socket(struct socket *oldsocket, 313d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 314d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 315d8a7b7a3SRobert Watson { 316d8a7b7a3SRobert Watson 317d8a7b7a3SRobert Watson } 318d8a7b7a3SRobert Watson 319d8a7b7a3SRobert Watson /* 320d8a7b7a3SRobert Watson * Labeling event operations: network objects. 321d8a7b7a3SRobert Watson */ 322d8a7b7a3SRobert Watson static void 3231c3f91cdSRobert Watson stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 324d8a7b7a3SRobert Watson struct label *bpflabel) 325d8a7b7a3SRobert Watson { 326d8a7b7a3SRobert Watson 327d8a7b7a3SRobert Watson } 328d8a7b7a3SRobert Watson 329d8a7b7a3SRobert Watson static void 3301c3f91cdSRobert Watson stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 331d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 332d8a7b7a3SRobert Watson { 333d8a7b7a3SRobert Watson 334d8a7b7a3SRobert Watson } 335d8a7b7a3SRobert Watson 336d8a7b7a3SRobert Watson static void 3371c3f91cdSRobert Watson stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 338d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 339d8a7b7a3SRobert Watson { 340d8a7b7a3SRobert Watson 341d8a7b7a3SRobert Watson } 342d8a7b7a3SRobert Watson 343d8a7b7a3SRobert Watson static void 3441c3f91cdSRobert Watson stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 345d8a7b7a3SRobert Watson { 346d8a7b7a3SRobert Watson 347d8a7b7a3SRobert Watson } 348d8a7b7a3SRobert Watson 349d8a7b7a3SRobert Watson static void 350a557af22SRobert Watson stub_create_inpcb_from_socket(struct socket *so, struct label *solabel, 351a557af22SRobert Watson struct inpcb *inp, struct label *inplabel) 352a557af22SRobert Watson { 353a557af22SRobert Watson 354a557af22SRobert Watson } 355a557af22SRobert Watson 356a557af22SRobert Watson static void 357ba53d9c9SRobert Watson stub_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, 358ba53d9c9SRobert Watson struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 359ba53d9c9SRobert Watson { 360ba53d9c9SRobert Watson 361ba53d9c9SRobert Watson } 362ba53d9c9SRobert Watson 363ba53d9c9SRobert Watson static void 364ba53d9c9SRobert Watson stub_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr, 365ba53d9c9SRobert Watson struct label *msqlabel) 366ba53d9c9SRobert Watson { 367ba53d9c9SRobert Watson 368ba53d9c9SRobert Watson } 369ba53d9c9SRobert Watson 370ba53d9c9SRobert Watson static void 3713831e7d7SRobert Watson stub_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr, 372ba53d9c9SRobert Watson struct label *semalabel) 373ba53d9c9SRobert Watson { 374ba53d9c9SRobert Watson 375ba53d9c9SRobert Watson } 376ba53d9c9SRobert Watson 377ba53d9c9SRobert Watson static void 378ba53d9c9SRobert Watson stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, 379ba53d9c9SRobert Watson struct label *shmalabel) 380ba53d9c9SRobert Watson { 381ba53d9c9SRobert Watson 382ba53d9c9SRobert Watson } 383ba53d9c9SRobert Watson 384ba53d9c9SRobert Watson static void 3851c3f91cdSRobert Watson stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 386d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 387d8a7b7a3SRobert Watson { 388d8a7b7a3SRobert Watson 389d8a7b7a3SRobert Watson } 390d8a7b7a3SRobert Watson 391d8a7b7a3SRobert Watson static void 3922d92ec98SRobert Watson stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 3932d92ec98SRobert Watson struct mbuf *m, struct label *mlabel) 3942d92ec98SRobert Watson { 3952d92ec98SRobert Watson 3962d92ec98SRobert Watson } 3972d92ec98SRobert Watson 3982d92ec98SRobert Watson static void 3991c3f91cdSRobert Watson stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 400d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 401d8a7b7a3SRobert Watson { 402d8a7b7a3SRobert Watson 403d8a7b7a3SRobert Watson } 404d8a7b7a3SRobert Watson 405d8a7b7a3SRobert Watson static void 4061c3f91cdSRobert Watson stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 407d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 408d8a7b7a3SRobert Watson { 409d8a7b7a3SRobert Watson 410d8a7b7a3SRobert Watson } 411d8a7b7a3SRobert Watson 412d8a7b7a3SRobert Watson static void 4131c3f91cdSRobert Watson stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 414d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 415d8a7b7a3SRobert Watson { 416d8a7b7a3SRobert Watson 417d8a7b7a3SRobert Watson } 418d8a7b7a3SRobert Watson 419d8a7b7a3SRobert Watson static void 4201c3f91cdSRobert Watson stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 421d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 422d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 423d8a7b7a3SRobert Watson { 424d8a7b7a3SRobert Watson 425d8a7b7a3SRobert Watson } 426d8a7b7a3SRobert Watson 427d8a7b7a3SRobert Watson static void 4281c3f91cdSRobert Watson stub_create_mbuf_netlayer(struct mbuf *oldmbuf, 429d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 430d8a7b7a3SRobert Watson { 431d8a7b7a3SRobert Watson 432d8a7b7a3SRobert Watson } 433d8a7b7a3SRobert Watson 434d8a7b7a3SRobert Watson static int 4351c3f91cdSRobert Watson stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 436d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 437d8a7b7a3SRobert Watson { 438d8a7b7a3SRobert Watson 439d8a7b7a3SRobert Watson return (1); 440d8a7b7a3SRobert Watson } 441d8a7b7a3SRobert Watson 442d8a7b7a3SRobert Watson static void 44364f00af8SRobert Watson stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) 44464f00af8SRobert Watson { 44564f00af8SRobert Watson 44664f00af8SRobert Watson } 44764f00af8SRobert Watson 44864f00af8SRobert Watson static void 44964f00af8SRobert Watson stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) 45064f00af8SRobert Watson { 45164f00af8SRobert Watson 45264f00af8SRobert Watson } 45364f00af8SRobert Watson 45464f00af8SRobert Watson static void 4551c3f91cdSRobert Watson stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 456d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 457d8a7b7a3SRobert Watson { 458d8a7b7a3SRobert Watson 459d8a7b7a3SRobert Watson } 460d8a7b7a3SRobert Watson 461d8a7b7a3SRobert Watson static void 4621c3f91cdSRobert Watson stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 463d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 464d8a7b7a3SRobert Watson { 465d8a7b7a3SRobert Watson 466d8a7b7a3SRobert Watson } 467d8a7b7a3SRobert Watson 468a557af22SRobert Watson static void 469a557af22SRobert Watson stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, 470a557af22SRobert Watson struct inpcb *inp, struct label *inplabel) 471a557af22SRobert Watson { 472a557af22SRobert Watson 473a557af22SRobert Watson } 474a557af22SRobert Watson 475d8a7b7a3SRobert Watson /* 476d8a7b7a3SRobert Watson * Labeling event operations: processes. 477d8a7b7a3SRobert Watson */ 478d8a7b7a3SRobert Watson static void 4791c3f91cdSRobert Watson stub_execve_transition(struct ucred *old, struct ucred *new, 480939b97cbSRobert Watson struct vnode *vp, struct label *vnodelabel, 481ef5def59SRobert Watson struct label *interpvnodelabel, struct image_params *imgp, 482ef5def59SRobert Watson struct label *execlabel) 483d8a7b7a3SRobert Watson { 484d8a7b7a3SRobert Watson 485d8a7b7a3SRobert Watson } 486d8a7b7a3SRobert Watson 487d8a7b7a3SRobert Watson static int 4881c3f91cdSRobert Watson stub_execve_will_transition(struct ucred *old, struct vnode *vp, 489939b97cbSRobert Watson struct label *vnodelabel, struct label *interpvnodelabel, 490ef5def59SRobert Watson struct image_params *imgp, struct label *execlabel) 491d8a7b7a3SRobert Watson { 492d8a7b7a3SRobert Watson 493d8a7b7a3SRobert Watson return (0); 494d8a7b7a3SRobert Watson } 495d8a7b7a3SRobert Watson 496d8a7b7a3SRobert Watson static void 4971c3f91cdSRobert Watson stub_create_proc0(struct ucred *cred) 498d8a7b7a3SRobert Watson { 499d8a7b7a3SRobert Watson 500d8a7b7a3SRobert Watson } 501d8a7b7a3SRobert Watson 502d8a7b7a3SRobert Watson static void 5031c3f91cdSRobert Watson stub_create_proc1(struct ucred *cred) 504d8a7b7a3SRobert Watson { 505d8a7b7a3SRobert Watson 506d8a7b7a3SRobert Watson } 507d8a7b7a3SRobert Watson 508d8a7b7a3SRobert Watson static void 5091c3f91cdSRobert Watson stub_relabel_cred(struct ucred *cred, struct label *newlabel) 510d8a7b7a3SRobert Watson { 511d8a7b7a3SRobert Watson 512d8a7b7a3SRobert Watson } 513d8a7b7a3SRobert Watson 51409de2dc2SRobert Watson static void 5151c3f91cdSRobert Watson stub_thread_userret(struct thread *td) 51609de2dc2SRobert Watson { 51709de2dc2SRobert Watson 51809de2dc2SRobert Watson } 51909de2dc2SRobert Watson 520d8a7b7a3SRobert Watson /* 521ba53d9c9SRobert Watson * Label cleanup/flush operations 522ba53d9c9SRobert Watson */ 523ba53d9c9SRobert Watson static void 524ba53d9c9SRobert Watson stub_cleanup_sysv_msgmsg(struct label *msglabel) 525ba53d9c9SRobert Watson { 526ba53d9c9SRobert Watson 527ba53d9c9SRobert Watson } 528ba53d9c9SRobert Watson 529ba53d9c9SRobert Watson static void 530ba53d9c9SRobert Watson stub_cleanup_sysv_msgqueue(struct label *msqlabel) 531ba53d9c9SRobert Watson { 532ba53d9c9SRobert Watson 533ba53d9c9SRobert Watson } 534ba53d9c9SRobert Watson 535ba53d9c9SRobert Watson static void 5363831e7d7SRobert Watson stub_cleanup_sysv_sem(struct label *semalabel) 537ba53d9c9SRobert Watson { 538ba53d9c9SRobert Watson 539ba53d9c9SRobert Watson } 540ba53d9c9SRobert Watson 541ba53d9c9SRobert Watson static void 542ba53d9c9SRobert Watson stub_cleanup_sysv_shm(struct label *shmlabel) 543ba53d9c9SRobert Watson { 544ba53d9c9SRobert Watson 545ba53d9c9SRobert Watson } 546ba53d9c9SRobert Watson 547ba53d9c9SRobert Watson /* 548d8a7b7a3SRobert Watson * Access control checks. 549d8a7b7a3SRobert Watson */ 550d8a7b7a3SRobert Watson static int 5511c3f91cdSRobert Watson stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 552d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 553d8a7b7a3SRobert Watson { 554d8a7b7a3SRobert Watson 555d8a7b7a3SRobert Watson return (0); 556d8a7b7a3SRobert Watson } 557d8a7b7a3SRobert Watson 558d8a7b7a3SRobert Watson static int 5591c3f91cdSRobert Watson stub_check_cred_relabel(struct ucred *cred, struct label *newlabel) 560d8a7b7a3SRobert Watson { 561d8a7b7a3SRobert Watson 562d8a7b7a3SRobert Watson return (0); 563d8a7b7a3SRobert Watson } 564d8a7b7a3SRobert Watson 565d8a7b7a3SRobert Watson static int 5661c3f91cdSRobert Watson stub_check_cred_visible(struct ucred *u1, struct ucred *u2) 567d8a7b7a3SRobert Watson { 568d8a7b7a3SRobert Watson 569d8a7b7a3SRobert Watson return (0); 570d8a7b7a3SRobert Watson } 571d8a7b7a3SRobert Watson 572d8a7b7a3SRobert Watson static int 5731c3f91cdSRobert Watson stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 5741979061bSRobert Watson struct label *ifnetlabel, struct label *newlabel) 575d8a7b7a3SRobert Watson { 576d8a7b7a3SRobert Watson 577d8a7b7a3SRobert Watson return (0); 578d8a7b7a3SRobert Watson } 579d8a7b7a3SRobert Watson 580d8a7b7a3SRobert Watson static int 5811c3f91cdSRobert Watson stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 582d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 583d8a7b7a3SRobert Watson { 584d8a7b7a3SRobert Watson 585d8a7b7a3SRobert Watson return (0); 586d8a7b7a3SRobert Watson } 587d8a7b7a3SRobert Watson 588d8a7b7a3SRobert Watson static int 589a557af22SRobert Watson stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 590a557af22SRobert Watson struct mbuf *m, struct label *mlabel) 591a557af22SRobert Watson { 592a557af22SRobert Watson 593a557af22SRobert Watson return (0); 594a557af22SRobert Watson } 595a557af22SRobert Watson 596a557af22SRobert Watson static int 597ba53d9c9SRobert Watson stub_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, 598ba53d9c9SRobert Watson struct label *msglabel, struct msqid_kernel *msqkptr, 599ba53d9c9SRobert Watson struct label *msqklabel) 600ba53d9c9SRobert Watson { 601ba53d9c9SRobert Watson 602ba53d9c9SRobert Watson return (0); 603ba53d9c9SRobert Watson } 604ba53d9c9SRobert Watson 605ba53d9c9SRobert Watson static int 606ba53d9c9SRobert Watson stub_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, 607ba53d9c9SRobert Watson struct label *msglabel) 608ba53d9c9SRobert Watson { 609ba53d9c9SRobert Watson 610ba53d9c9SRobert Watson return (0); 611ba53d9c9SRobert Watson } 612ba53d9c9SRobert Watson 613ba53d9c9SRobert Watson 614ba53d9c9SRobert Watson static int 615ba53d9c9SRobert Watson stub_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, 616ba53d9c9SRobert Watson struct label *msglabel) 617ba53d9c9SRobert Watson { 618ba53d9c9SRobert Watson 619ba53d9c9SRobert Watson return (0); 620ba53d9c9SRobert Watson } 621ba53d9c9SRobert Watson 622ba53d9c9SRobert Watson 623ba53d9c9SRobert Watson static int 624ba53d9c9SRobert Watson stub_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 625ba53d9c9SRobert Watson struct label *msqklabel) 626ba53d9c9SRobert Watson { 627ba53d9c9SRobert Watson 628ba53d9c9SRobert Watson return (0); 629ba53d9c9SRobert Watson } 630ba53d9c9SRobert Watson 631ba53d9c9SRobert Watson 632ba53d9c9SRobert Watson static int 633ba53d9c9SRobert Watson stub_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 634ba53d9c9SRobert Watson struct label *msqklabel) 635ba53d9c9SRobert Watson { 636ba53d9c9SRobert Watson 637ba53d9c9SRobert Watson return (0); 638ba53d9c9SRobert Watson } 639ba53d9c9SRobert Watson 640ba53d9c9SRobert Watson static int 641ba53d9c9SRobert Watson stub_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 642ba53d9c9SRobert Watson struct label *msqklabel) 643ba53d9c9SRobert Watson { 644ba53d9c9SRobert Watson 645ba53d9c9SRobert Watson return (0); 646ba53d9c9SRobert Watson } 647ba53d9c9SRobert Watson 648ba53d9c9SRobert Watson 649ba53d9c9SRobert Watson static int 650ba53d9c9SRobert Watson stub_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 651ba53d9c9SRobert Watson struct label *msqklabel, int cmd) 652ba53d9c9SRobert Watson { 653ba53d9c9SRobert Watson 654ba53d9c9SRobert Watson return (0); 655ba53d9c9SRobert Watson } 656ba53d9c9SRobert Watson 657ba53d9c9SRobert Watson 658ba53d9c9SRobert Watson static int 659ba53d9c9SRobert Watson stub_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, 660ba53d9c9SRobert Watson struct label *semaklabel, int cmd) 661ba53d9c9SRobert Watson { 662ba53d9c9SRobert Watson 663ba53d9c9SRobert Watson return (0); 664ba53d9c9SRobert Watson } 665ba53d9c9SRobert Watson 666ba53d9c9SRobert Watson static int 667ba53d9c9SRobert Watson stub_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, 668ba53d9c9SRobert Watson struct label *semaklabel) 669ba53d9c9SRobert Watson { 670ba53d9c9SRobert Watson 671ba53d9c9SRobert Watson return (0); 672ba53d9c9SRobert Watson } 673ba53d9c9SRobert Watson 674ba53d9c9SRobert Watson 675ba53d9c9SRobert Watson static int 676ba53d9c9SRobert Watson stub_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, 677ba53d9c9SRobert Watson struct label *semaklabel, size_t accesstype) 678ba53d9c9SRobert Watson { 679ba53d9c9SRobert Watson 680ba53d9c9SRobert Watson return (0); 681ba53d9c9SRobert Watson } 682ba53d9c9SRobert Watson 683ba53d9c9SRobert Watson static int 684ba53d9c9SRobert Watson stub_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 685ba53d9c9SRobert Watson struct label *shmseglabel, int shmflg) 686ba53d9c9SRobert Watson { 687ba53d9c9SRobert Watson 688ba53d9c9SRobert Watson return (0); 689ba53d9c9SRobert Watson } 690ba53d9c9SRobert Watson 691ba53d9c9SRobert Watson static int 692ba53d9c9SRobert Watson stub_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 693ba53d9c9SRobert Watson struct label *shmseglabel, int cmd) 694ba53d9c9SRobert Watson { 695ba53d9c9SRobert Watson 696ba53d9c9SRobert Watson return (0); 697ba53d9c9SRobert Watson } 698ba53d9c9SRobert Watson 699ba53d9c9SRobert Watson static int 700ba53d9c9SRobert Watson stub_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, 701ba53d9c9SRobert Watson struct label *shmseglabel) 702ba53d9c9SRobert Watson { 703ba53d9c9SRobert Watson 704ba53d9c9SRobert Watson return (0); 705ba53d9c9SRobert Watson } 706ba53d9c9SRobert Watson 707ba53d9c9SRobert Watson 708ba53d9c9SRobert Watson static int 709ba53d9c9SRobert Watson stub_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 710ba53d9c9SRobert Watson struct label *shmseglabel, int shmflg) 711ba53d9c9SRobert Watson { 712ba53d9c9SRobert Watson 713ba53d9c9SRobert Watson return (0); 714ba53d9c9SRobert Watson } 715ba53d9c9SRobert Watson 716ba53d9c9SRobert Watson static int 7171c3f91cdSRobert Watson stub_check_kenv_dump(struct ucred *cred) 71809de2dc2SRobert Watson { 71909de2dc2SRobert Watson 72009de2dc2SRobert Watson return (0); 72109de2dc2SRobert Watson } 72209de2dc2SRobert Watson 72309de2dc2SRobert Watson static int 7241c3f91cdSRobert Watson stub_check_kenv_get(struct ucred *cred, char *name) 72509de2dc2SRobert Watson { 72609de2dc2SRobert Watson 72709de2dc2SRobert Watson return (0); 72809de2dc2SRobert Watson } 72909de2dc2SRobert Watson 73009de2dc2SRobert Watson static int 7311c3f91cdSRobert Watson stub_check_kenv_set(struct ucred *cred, char *name, char *value) 73209de2dc2SRobert Watson { 73309de2dc2SRobert Watson 73409de2dc2SRobert Watson return (0); 73509de2dc2SRobert Watson } 73609de2dc2SRobert Watson 73709de2dc2SRobert Watson static int 7381c3f91cdSRobert Watson stub_check_kenv_unset(struct ucred *cred, char *name) 73909de2dc2SRobert Watson { 74009de2dc2SRobert Watson 74109de2dc2SRobert Watson return (0); 74209de2dc2SRobert Watson } 74309de2dc2SRobert Watson 74409de2dc2SRobert Watson static int 7451c3f91cdSRobert Watson stub_check_kld_load(struct ucred *cred, struct vnode *vp, 74609de2dc2SRobert Watson struct label *vlabel) 74709de2dc2SRobert Watson { 74809de2dc2SRobert Watson 74909de2dc2SRobert Watson return (0); 75009de2dc2SRobert Watson } 75109de2dc2SRobert Watson 75209de2dc2SRobert Watson static int 7531c3f91cdSRobert Watson stub_check_kld_stat(struct ucred *cred) 75409de2dc2SRobert Watson { 75509de2dc2SRobert Watson 75609de2dc2SRobert Watson return (0); 75709de2dc2SRobert Watson } 75809de2dc2SRobert Watson 75909de2dc2SRobert Watson static int 7601c3f91cdSRobert Watson stub_check_kld_unload(struct ucred *cred) 76109de2dc2SRobert Watson { 76209de2dc2SRobert Watson 76309de2dc2SRobert Watson return (0); 76409de2dc2SRobert Watson } 76509de2dc2SRobert Watson 76609de2dc2SRobert Watson static int 7671c3f91cdSRobert Watson stub_check_mount_stat(struct ucred *cred, struct mount *mp, 768d8a7b7a3SRobert Watson struct label *mntlabel) 769d8a7b7a3SRobert Watson { 770d8a7b7a3SRobert Watson 771d8a7b7a3SRobert Watson return (0); 772d8a7b7a3SRobert Watson } 773d8a7b7a3SRobert Watson 774d8a7b7a3SRobert Watson static int 77591c2dc94SRobert Watson stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 776d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 777d8a7b7a3SRobert Watson { 778d8a7b7a3SRobert Watson 779d8a7b7a3SRobert Watson return (0); 780d8a7b7a3SRobert Watson } 781d8a7b7a3SRobert Watson 782d8a7b7a3SRobert Watson static int 78391c2dc94SRobert Watson stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp, 784c024c3eeSRobert Watson struct label *pipelabel) 785c024c3eeSRobert Watson { 786c024c3eeSRobert Watson 787c024c3eeSRobert Watson return (0); 788c024c3eeSRobert Watson } 789c024c3eeSRobert Watson 790c024c3eeSRobert Watson static int 79191c2dc94SRobert Watson stub_check_pipe_read(struct ucred *cred, struct pipepair *pp, 792c024c3eeSRobert Watson struct label *pipelabel) 793d8a7b7a3SRobert Watson { 794d8a7b7a3SRobert Watson 795d8a7b7a3SRobert Watson return (0); 796d8a7b7a3SRobert Watson } 797d8a7b7a3SRobert Watson 798d8a7b7a3SRobert Watson static int 79991c2dc94SRobert Watson stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 800d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 801d8a7b7a3SRobert Watson { 802d8a7b7a3SRobert Watson 803d8a7b7a3SRobert Watson return (0); 804d8a7b7a3SRobert Watson } 805d8a7b7a3SRobert Watson 806d8a7b7a3SRobert Watson static int 80791c2dc94SRobert Watson stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp, 808c024c3eeSRobert Watson struct label *pipelabel) 809c024c3eeSRobert Watson { 810c024c3eeSRobert Watson 811c024c3eeSRobert Watson return (0); 812c024c3eeSRobert Watson } 813c024c3eeSRobert Watson 814c024c3eeSRobert Watson static int 81591c2dc94SRobert Watson stub_check_pipe_write(struct ucred *cred, struct pipepair *pp, 816c024c3eeSRobert Watson struct label *pipelabel) 817c024c3eeSRobert Watson { 818c024c3eeSRobert Watson 819c024c3eeSRobert Watson return (0); 820c024c3eeSRobert Watson } 821c024c3eeSRobert Watson 822c024c3eeSRobert Watson static int 82352648411SRobert Watson stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr, 82452648411SRobert Watson struct label *ks_label) 82552648411SRobert Watson { 82652648411SRobert Watson 82752648411SRobert Watson return (0); 82852648411SRobert Watson } 82952648411SRobert Watson 83052648411SRobert Watson static int 83152648411SRobert Watson stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr, 83252648411SRobert Watson struct label *ks_label) 83352648411SRobert Watson { 83452648411SRobert Watson 83552648411SRobert Watson return (0); 83652648411SRobert Watson } 83752648411SRobert Watson 83852648411SRobert Watson static int 83952648411SRobert Watson stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr, 84052648411SRobert Watson struct label *ks_label) 84152648411SRobert Watson { 84252648411SRobert Watson 84352648411SRobert Watson return (0); 84452648411SRobert Watson } 84552648411SRobert Watson 84652648411SRobert Watson static int 84752648411SRobert Watson stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr, 84852648411SRobert Watson struct label *ks_label) 84952648411SRobert Watson { 85052648411SRobert Watson 85152648411SRobert Watson return (0); 85252648411SRobert Watson } 85352648411SRobert Watson 85452648411SRobert Watson static int 85552648411SRobert Watson stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr, 85652648411SRobert Watson struct label *ks_label) 85752648411SRobert Watson { 85852648411SRobert Watson 85952648411SRobert Watson return (0); 86052648411SRobert Watson } 86152648411SRobert Watson 86252648411SRobert Watson static int 86352648411SRobert Watson stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr, 86452648411SRobert Watson struct label *ks_label) 86552648411SRobert Watson { 86652648411SRobert Watson 86752648411SRobert Watson return (0); 86852648411SRobert Watson } 86952648411SRobert Watson 87052648411SRobert Watson static int 8711c3f91cdSRobert Watson stub_check_proc_debug(struct ucred *cred, struct proc *proc) 872d8a7b7a3SRobert Watson { 873d8a7b7a3SRobert Watson 874d8a7b7a3SRobert Watson return (0); 875d8a7b7a3SRobert Watson } 876d8a7b7a3SRobert Watson 877d8a7b7a3SRobert Watson static int 8781c3f91cdSRobert Watson stub_check_proc_sched(struct ucred *cred, struct proc *proc) 879d8a7b7a3SRobert Watson { 880d8a7b7a3SRobert Watson 881d8a7b7a3SRobert Watson return (0); 882d8a7b7a3SRobert Watson } 883d8a7b7a3SRobert Watson 884d8a7b7a3SRobert Watson static int 8851c3f91cdSRobert Watson stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 886d8a7b7a3SRobert Watson { 887d8a7b7a3SRobert Watson 888d8a7b7a3SRobert Watson return (0); 889d8a7b7a3SRobert Watson } 890d8a7b7a3SRobert Watson 891d8a7b7a3SRobert Watson static int 892babe9a2bSRobert Watson stub_check_proc_wait(struct ucred *cred, struct proc *proc) 893babe9a2bSRobert Watson { 894babe9a2bSRobert Watson 895babe9a2bSRobert Watson return (0); 896babe9a2bSRobert Watson } 897babe9a2bSRobert Watson 898babe9a2bSRobert Watson static int 899030a28b3SRobert Watson stub_check_proc_setuid(struct ucred *cred, uid_t uid) 900030a28b3SRobert Watson { 901030a28b3SRobert Watson 902030a28b3SRobert Watson return (0); 903030a28b3SRobert Watson } 904030a28b3SRobert Watson 905030a28b3SRobert Watson static int 906030a28b3SRobert Watson stub_check_proc_seteuid(struct ucred *cred, uid_t euid) 907030a28b3SRobert Watson { 908030a28b3SRobert Watson 909030a28b3SRobert Watson return (0); 910030a28b3SRobert Watson } 911030a28b3SRobert Watson 912030a28b3SRobert Watson static int 913030a28b3SRobert Watson stub_check_proc_setgid(struct ucred *cred, gid_t gid) 914030a28b3SRobert Watson { 915030a28b3SRobert Watson 916030a28b3SRobert Watson return (0); 917030a28b3SRobert Watson } 918030a28b3SRobert Watson 919030a28b3SRobert Watson static int 920030a28b3SRobert Watson stub_check_proc_setegid(struct ucred *cred, gid_t egid) 921030a28b3SRobert Watson { 922030a28b3SRobert Watson 923030a28b3SRobert Watson return (0); 924030a28b3SRobert Watson } 925030a28b3SRobert Watson 926030a28b3SRobert Watson static int 927030a28b3SRobert Watson stub_check_proc_setgroups(struct ucred *cred, int ngroups, 928030a28b3SRobert Watson gid_t *gidset) 929030a28b3SRobert Watson { 930030a28b3SRobert Watson 931030a28b3SRobert Watson return (0); 932030a28b3SRobert Watson } 933030a28b3SRobert Watson 934030a28b3SRobert Watson static int 935030a28b3SRobert Watson stub_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 936030a28b3SRobert Watson { 937030a28b3SRobert Watson 938030a28b3SRobert Watson return (0); 939030a28b3SRobert Watson } 940030a28b3SRobert Watson 941030a28b3SRobert Watson static int 942030a28b3SRobert Watson stub_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 943030a28b3SRobert Watson { 944030a28b3SRobert Watson 945030a28b3SRobert Watson return (0); 946030a28b3SRobert Watson } 947030a28b3SRobert Watson 948030a28b3SRobert Watson static int 949030a28b3SRobert Watson stub_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 950030a28b3SRobert Watson uid_t suid) 951030a28b3SRobert Watson { 952030a28b3SRobert Watson 953030a28b3SRobert Watson return (0); 954030a28b3SRobert Watson } 955030a28b3SRobert Watson 956030a28b3SRobert Watson static int 957030a28b3SRobert Watson stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 958030a28b3SRobert Watson gid_t sgid) 959030a28b3SRobert Watson { 960030a28b3SRobert Watson 961030a28b3SRobert Watson return (0); 962030a28b3SRobert Watson } 963030a28b3SRobert Watson 964030a28b3SRobert Watson static int 9657f53207bSRobert Watson stub_check_socket_accept(struct ucred *cred, struct socket *socket, 9667f53207bSRobert Watson struct label *socketlabel) 9677f53207bSRobert Watson { 9687f53207bSRobert Watson 9697f53207bSRobert Watson return (0); 9707f53207bSRobert Watson } 9717f53207bSRobert Watson 9727f53207bSRobert Watson static int 9731c3f91cdSRobert Watson stub_check_socket_bind(struct ucred *cred, struct socket *socket, 974d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 975d8a7b7a3SRobert Watson { 976d8a7b7a3SRobert Watson 977d8a7b7a3SRobert Watson return (0); 978d8a7b7a3SRobert Watson } 979d8a7b7a3SRobert Watson 980d8a7b7a3SRobert Watson static int 9811c3f91cdSRobert Watson stub_check_socket_connect(struct ucred *cred, struct socket *socket, 982d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 983d8a7b7a3SRobert Watson { 984d8a7b7a3SRobert Watson 985d8a7b7a3SRobert Watson return (0); 986d8a7b7a3SRobert Watson } 987d8a7b7a3SRobert Watson 988d8a7b7a3SRobert Watson static int 9896758f88eSRobert Watson stub_check_socket_create(struct ucred *cred, int domain, int type, 9906758f88eSRobert Watson int protocol) 9916758f88eSRobert Watson { 9926758f88eSRobert Watson 9936758f88eSRobert Watson return (0); 9946758f88eSRobert Watson } 9956758f88eSRobert Watson 9966758f88eSRobert Watson static int 9971c3f91cdSRobert Watson stub_check_socket_deliver(struct socket *so, struct label *socketlabel, 998fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 999d8a7b7a3SRobert Watson { 1000d8a7b7a3SRobert Watson 1001d8a7b7a3SRobert Watson return (0); 1002d8a7b7a3SRobert Watson } 1003d8a7b7a3SRobert Watson 1004d8a7b7a3SRobert Watson static int 10051c3f91cdSRobert Watson stub_check_socket_listen(struct ucred *cred, struct socket *so, 1006fb95b5d3SRobert Watson struct label *socketlabel) 1007d8a7b7a3SRobert Watson { 1008d8a7b7a3SRobert Watson 1009d8a7b7a3SRobert Watson return (0); 1010d8a7b7a3SRobert Watson } 1011d8a7b7a3SRobert Watson 1012d8a7b7a3SRobert Watson static int 10137f53207bSRobert Watson stub_check_socket_poll(struct ucred *cred, struct socket *so, 10147f53207bSRobert Watson struct label *socketlabel) 10157f53207bSRobert Watson { 10167f53207bSRobert Watson 10177f53207bSRobert Watson return (0); 10187f53207bSRobert Watson } 10197f53207bSRobert Watson 10207f53207bSRobert Watson static int 10217f53207bSRobert Watson stub_check_socket_receive(struct ucred *cred, struct socket *so, 10227f53207bSRobert Watson struct label *socketlabel) 10237f53207bSRobert Watson { 10247f53207bSRobert Watson 10257f53207bSRobert Watson return (0); 10267f53207bSRobert Watson } 10277f53207bSRobert Watson 10287f53207bSRobert Watson static int 10291c3f91cdSRobert Watson stub_check_socket_relabel(struct ucred *cred, struct socket *socket, 1030d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 1031d8a7b7a3SRobert Watson { 1032d8a7b7a3SRobert Watson 1033d8a7b7a3SRobert Watson return (0); 1034d8a7b7a3SRobert Watson } 10357f53207bSRobert Watson static int 10367f53207bSRobert Watson stub_check_socket_send(struct ucred *cred, struct socket *so, 10377f53207bSRobert Watson struct label *socketlabel) 10387f53207bSRobert Watson { 10397f53207bSRobert Watson 10407f53207bSRobert Watson return (0); 10417f53207bSRobert Watson } 10427f53207bSRobert Watson 10437f53207bSRobert Watson static int 10447f53207bSRobert Watson stub_check_socket_stat(struct ucred *cred, struct socket *so, 10457f53207bSRobert Watson struct label *socketlabel) 10467f53207bSRobert Watson { 10477f53207bSRobert Watson 10487f53207bSRobert Watson return (0); 10497f53207bSRobert Watson } 1050d8a7b7a3SRobert Watson 1051d8a7b7a3SRobert Watson static int 10521c3f91cdSRobert Watson stub_check_socket_visible(struct ucred *cred, struct socket *socket, 1053d8a7b7a3SRobert Watson struct label *socketlabel) 1054d8a7b7a3SRobert Watson { 1055d8a7b7a3SRobert Watson 1056d8a7b7a3SRobert Watson return (0); 1057d8a7b7a3SRobert Watson } 1058d8a7b7a3SRobert Watson 1059d8a7b7a3SRobert Watson static int 10601c3f91cdSRobert Watson stub_check_sysarch_ioperm(struct ucred *cred) 106109de2dc2SRobert Watson { 106209de2dc2SRobert Watson 106309de2dc2SRobert Watson return (0); 106409de2dc2SRobert Watson } 106509de2dc2SRobert Watson 106609de2dc2SRobert Watson static int 10671c3f91cdSRobert Watson stub_check_system_acct(struct ucred *cred, struct vnode *vp, 106809de2dc2SRobert Watson struct label *vlabel) 106909de2dc2SRobert Watson { 107009de2dc2SRobert Watson 107109de2dc2SRobert Watson return (0); 107209de2dc2SRobert Watson } 107309de2dc2SRobert Watson 107409de2dc2SRobert Watson static int 10751c3f91cdSRobert Watson stub_check_system_reboot(struct ucred *cred, int how) 1076927f6069SRobert Watson { 1077927f6069SRobert Watson 1078927f6069SRobert Watson return (0); 1079927f6069SRobert Watson } 1080927f6069SRobert Watson 1081927f6069SRobert Watson static int 10821c3f91cdSRobert Watson stub_check_system_settime(struct ucred *cred) 108309de2dc2SRobert Watson { 108409de2dc2SRobert Watson 108509de2dc2SRobert Watson return (0); 108609de2dc2SRobert Watson } 108709de2dc2SRobert Watson 108809de2dc2SRobert Watson static int 10891c3f91cdSRobert Watson stub_check_system_swapon(struct ucred *cred, struct vnode *vp, 1090927f6069SRobert Watson struct label *label) 1091927f6069SRobert Watson { 1092927f6069SRobert Watson 1093927f6069SRobert Watson return (0); 1094927f6069SRobert Watson } 1095927f6069SRobert Watson 1096927f6069SRobert Watson static int 10971c3f91cdSRobert Watson stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, 109809de2dc2SRobert Watson struct label *label) 109909de2dc2SRobert Watson { 110009de2dc2SRobert Watson 110109de2dc2SRobert Watson return (0); 110209de2dc2SRobert Watson } 110309de2dc2SRobert Watson 110409de2dc2SRobert Watson static int 110563dba32bSPawel Jakub Dawidek stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 110663dba32bSPawel Jakub Dawidek void *arg1, int arg2, struct sysctl_req *req) 1107927f6069SRobert Watson { 1108927f6069SRobert Watson 1109927f6069SRobert Watson return (0); 1110927f6069SRobert Watson } 1111927f6069SRobert Watson 1112927f6069SRobert Watson static int 11131c3f91cdSRobert Watson stub_check_vnode_access(struct ucred *cred, struct vnode *vp, 1114b914de36SRobert Watson struct label *label, int acc_mode) 1115d8a7b7a3SRobert Watson { 1116d8a7b7a3SRobert Watson 1117d8a7b7a3SRobert Watson return (0); 1118d8a7b7a3SRobert Watson } 1119d8a7b7a3SRobert Watson 1120d8a7b7a3SRobert Watson static int 11211c3f91cdSRobert Watson stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1122d8a7b7a3SRobert Watson struct label *dlabel) 1123d8a7b7a3SRobert Watson { 1124d8a7b7a3SRobert Watson 1125d8a7b7a3SRobert Watson return (0); 1126d8a7b7a3SRobert Watson } 1127d8a7b7a3SRobert Watson 1128d8a7b7a3SRobert Watson static int 11291c3f91cdSRobert Watson stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1130d8a7b7a3SRobert Watson struct label *dlabel) 1131d8a7b7a3SRobert Watson { 1132d8a7b7a3SRobert Watson 1133d8a7b7a3SRobert Watson return (0); 1134d8a7b7a3SRobert Watson } 1135d8a7b7a3SRobert Watson 1136d8a7b7a3SRobert Watson static int 11371c3f91cdSRobert Watson stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1138d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1139d8a7b7a3SRobert Watson { 1140d8a7b7a3SRobert Watson 1141d8a7b7a3SRobert Watson return (0); 1142d8a7b7a3SRobert Watson } 1143d8a7b7a3SRobert Watson 1144d8a7b7a3SRobert Watson static int 11451c3f91cdSRobert Watson stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1146d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 1147d8a7b7a3SRobert Watson struct componentname *cnp) 1148d8a7b7a3SRobert Watson { 1149d8a7b7a3SRobert Watson 1150d8a7b7a3SRobert Watson return (0); 1151d8a7b7a3SRobert Watson } 1152d8a7b7a3SRobert Watson 1153d8a7b7a3SRobert Watson static int 11541c3f91cdSRobert Watson stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1155d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 1156d8a7b7a3SRobert Watson { 1157d8a7b7a3SRobert Watson 1158d8a7b7a3SRobert Watson return (0); 1159d8a7b7a3SRobert Watson } 1160d8a7b7a3SRobert Watson 1161d8a7b7a3SRobert Watson static int 116264f00af8SRobert Watson stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 116364f00af8SRobert Watson struct label *label, int attrnamespace, const char *name) 116464f00af8SRobert Watson { 116564f00af8SRobert Watson 116664f00af8SRobert Watson return (0); 116764f00af8SRobert Watson } 116864f00af8SRobert Watson 116964f00af8SRobert Watson static int 11701c3f91cdSRobert Watson stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1171ef5def59SRobert Watson struct label *label, struct image_params *imgp, 1172ef5def59SRobert Watson struct label *execlabel) 1173d8a7b7a3SRobert Watson { 1174d8a7b7a3SRobert Watson 1175d8a7b7a3SRobert Watson return (0); 1176d8a7b7a3SRobert Watson } 1177d8a7b7a3SRobert Watson 1178d8a7b7a3SRobert Watson static int 11791c3f91cdSRobert Watson stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1180d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 1181d8a7b7a3SRobert Watson { 1182d8a7b7a3SRobert Watson 1183d8a7b7a3SRobert Watson return (0); 1184d8a7b7a3SRobert Watson } 1185d8a7b7a3SRobert Watson 1186d8a7b7a3SRobert Watson static int 11871c3f91cdSRobert Watson stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1188d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 1189d8a7b7a3SRobert Watson { 1190d8a7b7a3SRobert Watson 1191d8a7b7a3SRobert Watson return (0); 1192d8a7b7a3SRobert Watson } 1193d8a7b7a3SRobert Watson 1194d8a7b7a3SRobert Watson static int 11951c3f91cdSRobert Watson stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, 1196c27b50f5SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 1197c27b50f5SRobert Watson struct componentname *cnp) 1198c27b50f5SRobert Watson { 1199c27b50f5SRobert Watson 1200c27b50f5SRobert Watson return (0); 1201c27b50f5SRobert Watson } 1202c27b50f5SRobert Watson 1203c27b50f5SRobert Watson static int 120464f00af8SRobert Watson stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 120564f00af8SRobert Watson struct label *label, int attrnamespace) 120664f00af8SRobert Watson { 120764f00af8SRobert Watson 120864f00af8SRobert Watson return (0); 120964f00af8SRobert Watson } 121064f00af8SRobert Watson 121164f00af8SRobert Watson static int 12121c3f91cdSRobert Watson stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1213d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 1214d8a7b7a3SRobert Watson { 1215d8a7b7a3SRobert Watson 1216d8a7b7a3SRobert Watson return (0); 1217d8a7b7a3SRobert Watson } 1218d8a7b7a3SRobert Watson 1219d8a7b7a3SRobert Watson static int 12201c3f91cdSRobert Watson stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 1221c92163dcSChristian S.J. Peron struct label *label, int prot, int flags) 1222e183f80eSRobert Watson { 1223e183f80eSRobert Watson 1224e183f80eSRobert Watson return (0); 1225e183f80eSRobert Watson } 1226e183f80eSRobert Watson 1227e183f80eSRobert Watson static int 12281c3f91cdSRobert Watson stub_check_vnode_open(struct ucred *cred, struct vnode *vp, 1229b914de36SRobert Watson struct label *filelabel, int acc_mode) 1230d8a7b7a3SRobert Watson { 1231d8a7b7a3SRobert Watson 1232d8a7b7a3SRobert Watson return (0); 1233d8a7b7a3SRobert Watson } 1234d8a7b7a3SRobert Watson 1235d8a7b7a3SRobert Watson static int 12361c3f91cdSRobert Watson stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1237177142e4SRobert Watson struct vnode *vp, struct label *label) 12387f724f8bSRobert Watson { 12397f724f8bSRobert Watson 12407f724f8bSRobert Watson return (0); 12417f724f8bSRobert Watson } 12427f724f8bSRobert Watson 12437f724f8bSRobert Watson static int 12441c3f91cdSRobert Watson stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1245177142e4SRobert Watson struct vnode *vp, struct label *label) 12467f724f8bSRobert Watson { 12477f724f8bSRobert Watson 12487f724f8bSRobert Watson return (0); 12497f724f8bSRobert Watson } 12507f724f8bSRobert Watson 12517f724f8bSRobert Watson static int 12521c3f91cdSRobert Watson stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 1253d8a7b7a3SRobert Watson struct label *dlabel) 1254d8a7b7a3SRobert Watson { 1255d8a7b7a3SRobert Watson 1256d8a7b7a3SRobert Watson return (0); 1257d8a7b7a3SRobert Watson } 1258d8a7b7a3SRobert Watson 1259d8a7b7a3SRobert Watson static int 12601c3f91cdSRobert Watson stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1261d8a7b7a3SRobert Watson struct label *vnodelabel) 1262d8a7b7a3SRobert Watson { 1263d8a7b7a3SRobert Watson 1264d8a7b7a3SRobert Watson return (0); 1265d8a7b7a3SRobert Watson } 1266d8a7b7a3SRobert Watson 1267d8a7b7a3SRobert Watson static int 12681c3f91cdSRobert Watson stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1269d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 1270d8a7b7a3SRobert Watson { 1271d8a7b7a3SRobert Watson 1272d8a7b7a3SRobert Watson return (0); 1273d8a7b7a3SRobert Watson } 1274d8a7b7a3SRobert Watson 1275d8a7b7a3SRobert Watson static int 12761c3f91cdSRobert Watson stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1277d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 1278d8a7b7a3SRobert Watson struct componentname *cnp) 1279d8a7b7a3SRobert Watson { 1280d8a7b7a3SRobert Watson 1281d8a7b7a3SRobert Watson return (0); 1282d8a7b7a3SRobert Watson } 1283d8a7b7a3SRobert Watson 1284d8a7b7a3SRobert Watson static int 12851c3f91cdSRobert Watson stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 1286d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 1287d8a7b7a3SRobert Watson struct componentname *cnp) 1288d8a7b7a3SRobert Watson { 1289d8a7b7a3SRobert Watson 1290d8a7b7a3SRobert Watson return (0); 1291d8a7b7a3SRobert Watson } 1292d8a7b7a3SRobert Watson 1293d8a7b7a3SRobert Watson static int 12941c3f91cdSRobert Watson stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 1295d8a7b7a3SRobert Watson struct label *label) 1296d8a7b7a3SRobert Watson { 1297d8a7b7a3SRobert Watson 1298d8a7b7a3SRobert Watson return (0); 1299d8a7b7a3SRobert Watson } 1300d8a7b7a3SRobert Watson 1301d8a7b7a3SRobert Watson static int 13021c3f91cdSRobert Watson stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 1303d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 1304d8a7b7a3SRobert Watson { 1305d8a7b7a3SRobert Watson 1306d8a7b7a3SRobert Watson return (0); 1307d8a7b7a3SRobert Watson } 1308d8a7b7a3SRobert Watson 1309d8a7b7a3SRobert Watson static int 13101c3f91cdSRobert Watson stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 1311d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 1312d8a7b7a3SRobert Watson { 1313d8a7b7a3SRobert Watson 1314d8a7b7a3SRobert Watson return (0); 1315d8a7b7a3SRobert Watson } 1316d8a7b7a3SRobert Watson 1317d8a7b7a3SRobert Watson static int 13181c3f91cdSRobert Watson stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 1319d8a7b7a3SRobert Watson struct label *label, u_long flags) 1320d8a7b7a3SRobert Watson { 1321d8a7b7a3SRobert Watson 1322d8a7b7a3SRobert Watson return (0); 1323d8a7b7a3SRobert Watson } 1324d8a7b7a3SRobert Watson 1325d8a7b7a3SRobert Watson static int 13261c3f91cdSRobert Watson stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 1327d8a7b7a3SRobert Watson struct label *label, mode_t mode) 1328d8a7b7a3SRobert Watson { 1329d8a7b7a3SRobert Watson 1330d8a7b7a3SRobert Watson return (0); 1331d8a7b7a3SRobert Watson } 1332d8a7b7a3SRobert Watson 1333d8a7b7a3SRobert Watson static int 13341c3f91cdSRobert Watson stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 1335d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 1336d8a7b7a3SRobert Watson { 1337d8a7b7a3SRobert Watson 1338d8a7b7a3SRobert Watson return (0); 1339d8a7b7a3SRobert Watson } 1340d8a7b7a3SRobert Watson 1341d8a7b7a3SRobert Watson static int 13421c3f91cdSRobert Watson stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 1343d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 1344d8a7b7a3SRobert Watson { 1345d8a7b7a3SRobert Watson 1346d8a7b7a3SRobert Watson return (0); 1347d8a7b7a3SRobert Watson } 1348d8a7b7a3SRobert Watson 1349d8a7b7a3SRobert Watson static int 13501c3f91cdSRobert Watson stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 1351177142e4SRobert Watson struct vnode *vp, struct label *label) 1352d8a7b7a3SRobert Watson { 1353d8a7b7a3SRobert Watson 1354d8a7b7a3SRobert Watson return (0); 1355d8a7b7a3SRobert Watson } 1356d8a7b7a3SRobert Watson 13577f724f8bSRobert Watson static int 13581c3f91cdSRobert Watson stub_check_vnode_write(struct ucred *active_cred, 1359177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 13607f724f8bSRobert Watson { 13617f724f8bSRobert Watson 13627f724f8bSRobert Watson return (0); 13637f724f8bSRobert Watson } 13647f724f8bSRobert Watson 1365403b781eSRobert Watson static int 1366403b781eSRobert Watson stub_priv_check(struct ucred *cred, int priv) 1367403b781eSRobert Watson { 1368403b781eSRobert Watson 1369403b781eSRobert Watson return (0); 1370403b781eSRobert Watson } 1371403b781eSRobert Watson 1372403b781eSRobert Watson static int 1373403b781eSRobert Watson stub_priv_grant(struct ucred *cred, int priv) 1374403b781eSRobert Watson { 1375403b781eSRobert Watson 1376403b781eSRobert Watson return (EPERM); 1377403b781eSRobert Watson } 1378403b781eSRobert Watson 13791c3f91cdSRobert Watson static struct mac_policy_ops mac_stub_ops = 1380d8a7b7a3SRobert Watson { 13811c3f91cdSRobert Watson .mpo_destroy = stub_destroy, 13821c3f91cdSRobert Watson .mpo_init = stub_init, 13831c3f91cdSRobert Watson .mpo_syscall = stub_syscall, 13841c3f91cdSRobert Watson .mpo_init_bpfdesc_label = stub_init_label, 13851c3f91cdSRobert Watson .mpo_init_cred_label = stub_init_label, 13861c3f91cdSRobert Watson .mpo_init_devfsdirent_label = stub_init_label, 13871c3f91cdSRobert Watson .mpo_init_ifnet_label = stub_init_label, 1388a557af22SRobert Watson .mpo_init_inpcb_label = stub_init_label_waitcheck, 1389ba53d9c9SRobert Watson .mpo_init_sysv_msgmsg_label = stub_init_label, 1390ba53d9c9SRobert Watson .mpo_init_sysv_msgqueue_label = stub_init_label, 13913831e7d7SRobert Watson .mpo_init_sysv_sem_label = stub_init_label, 1392ba53d9c9SRobert Watson .mpo_init_sysv_shm_label = stub_init_label, 13931c3f91cdSRobert Watson .mpo_init_ipq_label = stub_init_label_waitcheck, 13941c3f91cdSRobert Watson .mpo_init_mbuf_label = stub_init_label_waitcheck, 13951c3f91cdSRobert Watson .mpo_init_mount_label = stub_init_label, 13961c3f91cdSRobert Watson .mpo_init_mount_fs_label = stub_init_label, 13971c3f91cdSRobert Watson .mpo_init_pipe_label = stub_init_label, 139852648411SRobert Watson .mpo_init_posix_sem_label = stub_init_label, 13991c3f91cdSRobert Watson .mpo_init_socket_label = stub_init_label_waitcheck, 14001c3f91cdSRobert Watson .mpo_init_socket_peer_label = stub_init_label_waitcheck, 14011c3f91cdSRobert Watson .mpo_init_vnode_label = stub_init_label, 14021c3f91cdSRobert Watson .mpo_destroy_bpfdesc_label = stub_destroy_label, 14031c3f91cdSRobert Watson .mpo_destroy_cred_label = stub_destroy_label, 14041c3f91cdSRobert Watson .mpo_destroy_devfsdirent_label = stub_destroy_label, 14051c3f91cdSRobert Watson .mpo_destroy_ifnet_label = stub_destroy_label, 1406a557af22SRobert Watson .mpo_destroy_inpcb_label = stub_destroy_label, 1407ba53d9c9SRobert Watson .mpo_destroy_sysv_msgmsg_label = stub_destroy_label, 1408ba53d9c9SRobert Watson .mpo_destroy_sysv_msgqueue_label = stub_destroy_label, 14093831e7d7SRobert Watson .mpo_destroy_sysv_sem_label = stub_destroy_label, 1410ba53d9c9SRobert Watson .mpo_destroy_sysv_shm_label = stub_destroy_label, 14111c3f91cdSRobert Watson .mpo_destroy_ipq_label = stub_destroy_label, 14121c3f91cdSRobert Watson .mpo_destroy_mbuf_label = stub_destroy_label, 14131c3f91cdSRobert Watson .mpo_destroy_mount_label = stub_destroy_label, 14141c3f91cdSRobert Watson .mpo_destroy_mount_fs_label = stub_destroy_label, 14151c3f91cdSRobert Watson .mpo_destroy_pipe_label = stub_destroy_label, 141652648411SRobert Watson .mpo_destroy_posix_sem_label = stub_destroy_label, 14171c3f91cdSRobert Watson .mpo_destroy_socket_label = stub_destroy_label, 14181c3f91cdSRobert Watson .mpo_destroy_socket_peer_label = stub_destroy_label, 14191c3f91cdSRobert Watson .mpo_destroy_vnode_label = stub_destroy_label, 142056d9e932SRobert Watson .mpo_copy_cred_label = stub_copy_label, 14212220907bSRobert Watson .mpo_copy_ifnet_label = stub_copy_label, 14220196273bSRobert Watson .mpo_copy_mbuf_label = stub_copy_label, 14230196273bSRobert Watson .mpo_copy_pipe_label = stub_copy_label, 1424b0323ea3SRobert Watson .mpo_copy_socket_label = stub_copy_label, 14250196273bSRobert Watson .mpo_copy_vnode_label = stub_copy_label, 14261c3f91cdSRobert Watson .mpo_externalize_cred_label = stub_externalize_label, 14271c3f91cdSRobert Watson .mpo_externalize_ifnet_label = stub_externalize_label, 14281c3f91cdSRobert Watson .mpo_externalize_pipe_label = stub_externalize_label, 14291c3f91cdSRobert Watson .mpo_externalize_socket_label = stub_externalize_label, 14301c3f91cdSRobert Watson .mpo_externalize_socket_peer_label = stub_externalize_label, 14311c3f91cdSRobert Watson .mpo_externalize_vnode_label = stub_externalize_label, 14321c3f91cdSRobert Watson .mpo_internalize_cred_label = stub_internalize_label, 14331c3f91cdSRobert Watson .mpo_internalize_ifnet_label = stub_internalize_label, 14341c3f91cdSRobert Watson .mpo_internalize_pipe_label = stub_internalize_label, 14351c3f91cdSRobert Watson .mpo_internalize_socket_label = stub_internalize_label, 14361c3f91cdSRobert Watson .mpo_internalize_vnode_label = stub_internalize_label, 14371c3f91cdSRobert Watson .mpo_associate_vnode_devfs = stub_associate_vnode_devfs, 14381c3f91cdSRobert Watson .mpo_associate_vnode_extattr = stub_associate_vnode_extattr, 14391c3f91cdSRobert Watson .mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel, 14401c3f91cdSRobert Watson .mpo_create_devfs_device = stub_create_devfs_device, 14411c3f91cdSRobert Watson .mpo_create_devfs_directory = stub_create_devfs_directory, 14421c3f91cdSRobert Watson .mpo_create_devfs_symlink = stub_create_devfs_symlink, 1443ba53d9c9SRobert Watson .mpo_create_sysv_msgmsg = stub_create_sysv_msgmsg, 1444ba53d9c9SRobert Watson .mpo_create_sysv_msgqueue = stub_create_sysv_msgqueue, 14453831e7d7SRobert Watson .mpo_create_sysv_sem = stub_create_sysv_sem, 1446ba53d9c9SRobert Watson .mpo_create_sysv_shm = stub_create_sysv_shm, 14471c3f91cdSRobert Watson .mpo_create_vnode_extattr = stub_create_vnode_extattr, 14481c3f91cdSRobert Watson .mpo_create_mount = stub_create_mount, 14491c3f91cdSRobert Watson .mpo_relabel_vnode = stub_relabel_vnode, 14501c3f91cdSRobert Watson .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr, 14511c3f91cdSRobert Watson .mpo_update_devfsdirent = stub_update_devfsdirent, 14521c3f91cdSRobert Watson .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, 14531c3f91cdSRobert Watson .mpo_create_pipe = stub_create_pipe, 145452648411SRobert Watson .mpo_create_posix_sem = stub_create_posix_sem, 14551c3f91cdSRobert Watson .mpo_create_socket = stub_create_socket, 14561c3f91cdSRobert Watson .mpo_create_socket_from_socket = stub_create_socket_from_socket, 14571c3f91cdSRobert Watson .mpo_relabel_pipe = stub_relabel_pipe, 14581c3f91cdSRobert Watson .mpo_relabel_socket = stub_relabel_socket, 14591c3f91cdSRobert Watson .mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf, 14601c3f91cdSRobert Watson .mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket, 14611c3f91cdSRobert Watson .mpo_create_bpfdesc = stub_create_bpfdesc, 14621c3f91cdSRobert Watson .mpo_create_ifnet = stub_create_ifnet, 1463a557af22SRobert Watson .mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket, 14641c3f91cdSRobert Watson .mpo_create_ipq = stub_create_ipq, 14651c3f91cdSRobert Watson .mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq, 14661c3f91cdSRobert Watson .mpo_create_fragment = stub_create_fragment, 14672d92ec98SRobert Watson .mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb, 14681c3f91cdSRobert Watson .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer, 14691c3f91cdSRobert Watson .mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc, 14701c3f91cdSRobert Watson .mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet, 14711c3f91cdSRobert Watson .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap, 14721c3f91cdSRobert Watson .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer, 14731c3f91cdSRobert Watson .mpo_fragment_match = stub_fragment_match, 147464f00af8SRobert Watson .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp, 147564f00af8SRobert Watson .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp, 14761c3f91cdSRobert Watson .mpo_relabel_ifnet = stub_relabel_ifnet, 14771c3f91cdSRobert Watson .mpo_update_ipq = stub_update_ipq, 1478a557af22SRobert Watson .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, 14791c3f91cdSRobert Watson .mpo_execve_transition = stub_execve_transition, 14801c3f91cdSRobert Watson .mpo_execve_will_transition = stub_execve_will_transition, 14811c3f91cdSRobert Watson .mpo_create_proc0 = stub_create_proc0, 14821c3f91cdSRobert Watson .mpo_create_proc1 = stub_create_proc1, 14831c3f91cdSRobert Watson .mpo_relabel_cred = stub_relabel_cred, 14841c3f91cdSRobert Watson .mpo_thread_userret = stub_thread_userret, 1485ba53d9c9SRobert Watson .mpo_cleanup_sysv_msgmsg = stub_cleanup_sysv_msgmsg, 1486ba53d9c9SRobert Watson .mpo_cleanup_sysv_msgqueue = stub_cleanup_sysv_msgqueue, 14873831e7d7SRobert Watson .mpo_cleanup_sysv_sem = stub_cleanup_sysv_sem, 1488ba53d9c9SRobert Watson .mpo_cleanup_sysv_shm = stub_cleanup_sysv_shm, 14891c3f91cdSRobert Watson .mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive, 14901c3f91cdSRobert Watson .mpo_check_cred_relabel = stub_check_cred_relabel, 14911c3f91cdSRobert Watson .mpo_check_cred_visible = stub_check_cred_visible, 14921c3f91cdSRobert Watson .mpo_check_ifnet_relabel = stub_check_ifnet_relabel, 14931c3f91cdSRobert Watson .mpo_check_ifnet_transmit = stub_check_ifnet_transmit, 1494a557af22SRobert Watson .mpo_check_inpcb_deliver = stub_check_inpcb_deliver, 1495ba53d9c9SRobert Watson .mpo_check_sysv_msgmsq = stub_check_sysv_msgmsq, 1496ba53d9c9SRobert Watson .mpo_check_sysv_msgrcv = stub_check_sysv_msgrcv, 1497ba53d9c9SRobert Watson .mpo_check_sysv_msgrmid = stub_check_sysv_msgrmid, 1498ba53d9c9SRobert Watson .mpo_check_sysv_msqget = stub_check_sysv_msqget, 1499ba53d9c9SRobert Watson .mpo_check_sysv_msqsnd = stub_check_sysv_msqsnd, 1500ba53d9c9SRobert Watson .mpo_check_sysv_msqrcv = stub_check_sysv_msqrcv, 1501ba53d9c9SRobert Watson .mpo_check_sysv_msqctl = stub_check_sysv_msqctl, 1502ba53d9c9SRobert Watson .mpo_check_sysv_semctl = stub_check_sysv_semctl, 1503ba53d9c9SRobert Watson .mpo_check_sysv_semget = stub_check_sysv_semget, 1504ba53d9c9SRobert Watson .mpo_check_sysv_semop = stub_check_sysv_semop, 1505ba53d9c9SRobert Watson .mpo_check_sysv_shmat = stub_check_sysv_shmat, 1506ba53d9c9SRobert Watson .mpo_check_sysv_shmctl = stub_check_sysv_shmctl, 1507ba53d9c9SRobert Watson .mpo_check_sysv_shmdt = stub_check_sysv_shmdt, 1508ba53d9c9SRobert Watson .mpo_check_sysv_shmget = stub_check_sysv_shmget, 15091c3f91cdSRobert Watson .mpo_check_kenv_dump = stub_check_kenv_dump, 15101c3f91cdSRobert Watson .mpo_check_kenv_get = stub_check_kenv_get, 15111c3f91cdSRobert Watson .mpo_check_kenv_set = stub_check_kenv_set, 15121c3f91cdSRobert Watson .mpo_check_kenv_unset = stub_check_kenv_unset, 15131c3f91cdSRobert Watson .mpo_check_kld_load = stub_check_kld_load, 15141c3f91cdSRobert Watson .mpo_check_kld_stat = stub_check_kld_stat, 15151c3f91cdSRobert Watson .mpo_check_kld_unload = stub_check_kld_unload, 15161c3f91cdSRobert Watson .mpo_check_mount_stat = stub_check_mount_stat, 15171c3f91cdSRobert Watson .mpo_check_pipe_ioctl = stub_check_pipe_ioctl, 15181c3f91cdSRobert Watson .mpo_check_pipe_poll = stub_check_pipe_poll, 15191c3f91cdSRobert Watson .mpo_check_pipe_read = stub_check_pipe_read, 15201c3f91cdSRobert Watson .mpo_check_pipe_relabel = stub_check_pipe_relabel, 15211c3f91cdSRobert Watson .mpo_check_pipe_stat = stub_check_pipe_stat, 15221c3f91cdSRobert Watson .mpo_check_pipe_write = stub_check_pipe_write, 152352648411SRobert Watson .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy, 152452648411SRobert Watson .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue, 152552648411SRobert Watson .mpo_check_posix_sem_open = stub_check_posix_sem_open, 152652648411SRobert Watson .mpo_check_posix_sem_post = stub_check_posix_sem_post, 152752648411SRobert Watson .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink, 152852648411SRobert Watson .mpo_check_posix_sem_wait = stub_check_posix_sem_wait, 15291c3f91cdSRobert Watson .mpo_check_proc_debug = stub_check_proc_debug, 15301c3f91cdSRobert Watson .mpo_check_proc_sched = stub_check_proc_sched, 1531030a28b3SRobert Watson .mpo_check_proc_setuid = stub_check_proc_setuid, 1532030a28b3SRobert Watson .mpo_check_proc_seteuid = stub_check_proc_seteuid, 1533030a28b3SRobert Watson .mpo_check_proc_setgid = stub_check_proc_setgid, 1534030a28b3SRobert Watson .mpo_check_proc_setegid = stub_check_proc_setegid, 1535030a28b3SRobert Watson .mpo_check_proc_setgroups = stub_check_proc_setgroups, 1536030a28b3SRobert Watson .mpo_check_proc_setreuid = stub_check_proc_setreuid, 1537030a28b3SRobert Watson .mpo_check_proc_setregid = stub_check_proc_setregid, 1538030a28b3SRobert Watson .mpo_check_proc_setresuid = stub_check_proc_setresuid, 1539030a28b3SRobert Watson .mpo_check_proc_setresgid = stub_check_proc_setresgid, 15401c3f91cdSRobert Watson .mpo_check_proc_signal = stub_check_proc_signal, 1541babe9a2bSRobert Watson .mpo_check_proc_wait = stub_check_proc_wait, 15427f53207bSRobert Watson .mpo_check_socket_accept = stub_check_socket_accept, 15431c3f91cdSRobert Watson .mpo_check_socket_bind = stub_check_socket_bind, 15441c3f91cdSRobert Watson .mpo_check_socket_connect = stub_check_socket_connect, 15456758f88eSRobert Watson .mpo_check_socket_create = stub_check_socket_create, 15461c3f91cdSRobert Watson .mpo_check_socket_deliver = stub_check_socket_deliver, 15471c3f91cdSRobert Watson .mpo_check_socket_listen = stub_check_socket_listen, 15487f53207bSRobert Watson .mpo_check_socket_poll = stub_check_socket_poll, 15497f53207bSRobert Watson .mpo_check_socket_receive = stub_check_socket_receive, 15501c3f91cdSRobert Watson .mpo_check_socket_relabel = stub_check_socket_relabel, 15517f53207bSRobert Watson .mpo_check_socket_send = stub_check_socket_send, 15527f53207bSRobert Watson .mpo_check_socket_stat = stub_check_socket_stat, 15531c3f91cdSRobert Watson .mpo_check_socket_visible = stub_check_socket_visible, 15541c3f91cdSRobert Watson .mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm, 15551c3f91cdSRobert Watson .mpo_check_system_acct = stub_check_system_acct, 15561c3f91cdSRobert Watson .mpo_check_system_reboot = stub_check_system_reboot, 15571c3f91cdSRobert Watson .mpo_check_system_settime = stub_check_system_settime, 15581c3f91cdSRobert Watson .mpo_check_system_swapon = stub_check_system_swapon, 15591c3f91cdSRobert Watson .mpo_check_system_swapoff = stub_check_system_swapoff, 15601c3f91cdSRobert Watson .mpo_check_system_sysctl = stub_check_system_sysctl, 15611c3f91cdSRobert Watson .mpo_check_vnode_access = stub_check_vnode_access, 15621c3f91cdSRobert Watson .mpo_check_vnode_chdir = stub_check_vnode_chdir, 15631c3f91cdSRobert Watson .mpo_check_vnode_chroot = stub_check_vnode_chroot, 15641c3f91cdSRobert Watson .mpo_check_vnode_create = stub_check_vnode_create, 15651c3f91cdSRobert Watson .mpo_check_vnode_delete = stub_check_vnode_delete, 15661c3f91cdSRobert Watson .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl, 156764f00af8SRobert Watson .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr, 15681c3f91cdSRobert Watson .mpo_check_vnode_exec = stub_check_vnode_exec, 15691c3f91cdSRobert Watson .mpo_check_vnode_getacl = stub_check_vnode_getacl, 15701c3f91cdSRobert Watson .mpo_check_vnode_getextattr = stub_check_vnode_getextattr, 15711c3f91cdSRobert Watson .mpo_check_vnode_link = stub_check_vnode_link, 157264f00af8SRobert Watson .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, 15731c3f91cdSRobert Watson .mpo_check_vnode_lookup = stub_check_vnode_lookup, 15741c3f91cdSRobert Watson .mpo_check_vnode_mmap = stub_check_vnode_mmap, 15751c3f91cdSRobert Watson .mpo_check_vnode_open = stub_check_vnode_open, 15761c3f91cdSRobert Watson .mpo_check_vnode_poll = stub_check_vnode_poll, 15771c3f91cdSRobert Watson .mpo_check_vnode_read = stub_check_vnode_read, 15781c3f91cdSRobert Watson .mpo_check_vnode_readdir = stub_check_vnode_readdir, 15791c3f91cdSRobert Watson .mpo_check_vnode_readlink = stub_check_vnode_readlink, 15801c3f91cdSRobert Watson .mpo_check_vnode_relabel = stub_check_vnode_relabel, 15811c3f91cdSRobert Watson .mpo_check_vnode_rename_from = stub_check_vnode_rename_from, 15821c3f91cdSRobert Watson .mpo_check_vnode_rename_to = stub_check_vnode_rename_to, 15831c3f91cdSRobert Watson .mpo_check_vnode_revoke = stub_check_vnode_revoke, 15841c3f91cdSRobert Watson .mpo_check_vnode_setacl = stub_check_vnode_setacl, 15851c3f91cdSRobert Watson .mpo_check_vnode_setextattr = stub_check_vnode_setextattr, 15861c3f91cdSRobert Watson .mpo_check_vnode_setflags = stub_check_vnode_setflags, 15871c3f91cdSRobert Watson .mpo_check_vnode_setmode = stub_check_vnode_setmode, 15881c3f91cdSRobert Watson .mpo_check_vnode_setowner = stub_check_vnode_setowner, 15891c3f91cdSRobert Watson .mpo_check_vnode_setutimes = stub_check_vnode_setutimes, 15901c3f91cdSRobert Watson .mpo_check_vnode_stat = stub_check_vnode_stat, 15911c3f91cdSRobert Watson .mpo_check_vnode_write = stub_check_vnode_write, 1592403b781eSRobert Watson .mpo_priv_check = stub_priv_check, 1593403b781eSRobert Watson .mpo_priv_grant = stub_priv_grant, 1594d8a7b7a3SRobert Watson }; 1595d8a7b7a3SRobert Watson 15961c3f91cdSRobert Watson MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub", 1597740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1598